CLAIMS: 



1. A method for performing an address update in a communication 
system, the method comprising the steps of: 

- indicating that an address update process needs to be performed, 
wherein location-related information about a mobile node is transmitted to a 
correspondent node of the mobile node if the address update process is 
performed; 

- in response to the indicating step, authenticating the correspondent 
node, the authenticating step yielding identity information about the 
correspondent node; 

- based on the identity information, determining whether the address 
update process is to be carried out; and 

- performing the address update process when the determining step 
indicates that the address update process is to be carried out and omitting the 
address update process when the determining step indicates that the address 
update process is not to be carried out. 

2. A method according to claim 1, wherein the performing step 
performs the address update for optimizing routing between the mobile node and 
the correspondent node. 

3. A method according to claim 1, further comprising a step of storing 
security policy data in the mobile node, the security policy data indicating a set 
of trusted parties. 

4. A method according to claim 3, wherein the determining step 
comprises comparing the identity information with the security policy data 
stored in the mobile node. 
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5. A method according to claim 4, wherein the performing step is 
carried out in response to the comparing step when the comparing step indicates 
that the correspondent node belongs to the set of trusted parties. 

6. A method according to claim 4, wherein the determining step 
comprises prompting a user of the mobile node to make a decision when the 
comparing step indicates that the correspondent node fails to belong to the set of 
trusted parties, wherein the prompting step comprises informing the user about 
the identity information. 

7. A method according to claim 1, wherein the indicating step 
comprises indicating that the address update process comprises a binding update 
process according to a Mobile IP protocol. 

8. A method according to claim 7, wherein the indicating step is 
performed in response to a predetermined event. 

9. A method according to claim 8, wherein the indicating step 
comprises responding to the predetermined event comprising reception of a 
packet routed via a home agent of the mobile node. 

10. A method according to claim 8, wherein the indicating step 
comprises responding to the predetermined event comprising reception of a new 
address for the mobile node. 

1 1. A method according to claim 3, wherein the storing step comprises 
storing the security policy data comprising high-level identifiers of trusted 
correspondent nodes. 
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12. A method according to claim 3, wherein the storing step comprises 
storing the security policy data comprising rules for deciding whether the 
identity information represents a trusted correspondent node. 

13. A method according to claim 1, wherein the authenticating step 
comprises authenticating the correspondent node by means of a certificate-based 
authentication protocol. 

14. A method according to claim 13, wherein the authenticating step 
comprises authenticating by means of the certificate-based authentication 
protocol comprising an Internet Key Exchange protocol. 

15. A method according to claim 13, wherein the authenticating step 
comprises authenticating by means of the certificate-based authentication 
protocol comprising a Transport Layer Security protocol. 

16. A method according to claim 1, wherein the authenticating step 
comprises authenticating by means of the authenticating step comprising 
certifying the identity information cryptographically. 

17. A mobile node for a communication system, the mobile node 
comprising: 

indicator means for giving an indication when an address update 
process needs to be performed, location-related information about a mobile node 
being notified to a correspondent node of the mobile node if the address update 
process is performed; 

authentication means for authenticating the correspondent node, the 
authentication means being responsive to the indicator means and yielding 
identity information about the correspondent node; 

determination means, responsive to the authentication means, for 
determining whether the address update process is to be performed; and 
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address update means, responsive to the determination means, for 
carrying out the address update process. 

18. A mobile node according to claim 17, further comprising binding 
means for maintaining a binding, the binding being an association of a home 
address of the mobile node with a care-of address of the mobile node, 

wherein the correspondent node is informed of the binding when the 
address update process is performed. 

19. A mobile node according to claim 17, wherein authentication means 
comprise a certificate-based authentication protocol. 

20. A mobile node according to claim 17, wherein the authentication 
means comprise a Domain Name System-based protocol for obtaining the 
identity information. 

21. A mobile node according to claim 17, wherein the determining 
means comprise a security policy database, the determination means being 
configured to determine, by means of the security policy database, whether the 
address update means can be activated without consulting a user of the mobile 
node. 

22. A mobile node according to claim 21, wherein the determining 
means further comprise user interaction means for prompting the user to make a 
decision on whether the address update process is to be performed. 

23. A mobile node according to claim 22, wherein the user interaction 
means are configured to indicate the identity information to the user, the identity 
information comprising a high-level identifier of the correspondent node. 
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24. A mobile node according to claim 21, wherein the security policy 
database comprises identifiers of trusted correspondent nodes. 

25. A mobile node according to claim 21, wherein the security policy 
database comprises rules for determining whether a given identifier represents a 
trusted correspondent node. 

26. A system for performing address updates in a communication 
system comprising: 

indicator means for giving an indication when an address update 
process needs to be performed, location-related information about a mobile node 
being notified to a correspondent node of the mobile node if the address update 
process is performed; 

authentication means for authenticating the correspondent node, the 
authentication means being responsive to the indicator means and yielding 
identity information about the correspondent node; 

determination means, responsive to the authentication means, for 
determining whether the address update process is to be performed; and 

address update means, responsive to the determination means, for 
carrying out the address update process. 

27. A system according to claim 26, wherein the authentication means 
are located in the mobile node. 

28. A system according to claim 26, wherein the authentication means 
are located in a home agent of the mobile node. 

29. A system according to claim 26, wherein the address update means 
are located in a home agent of the mobile node. 
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30. A system according to claim 28, wherein the determination 
located in the home agent of the mobile node. 
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